[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Weak steganography
According to [email protected]:
> There are a couple of problems with the idea of sticking encrypted
> files onto the end of executable files. The first is, to make this
> easy, you need a program to do it (and to "undo" it). Well, if someone
> steals your computer and gets access to these files, they will probably
> also get access to this program. This will tip them off to what you have
> done.
The technique I advocated was so simple, I could code it on my lunch hour at
work. I did. If you didn't want to have such a thing on your machine, you
could store it remotely, either on an ftp site or a local bbs. Clean up
your hard disk and there is no sign of anything.
> This is an example of the general principle that you need to assume that
> your attackers know or can discover the methods you are using, but they
> don't know the keys.
If steganography is to work, we must find ways to make this "principle" invalid.
Strong encryption will protect our "plain-sight-text." It falls to Data-hiding
to protect our cyphertext.
> Another problem is that encrypted files look different from executable
> files. Encrypted files have a uniform histogram (that is, all 256 different
> possible byte values are equally frequent), but exe files do not. The
> appending of an encrypted file to an executable file will be very obvious.
> The exact boundary may not be immediately apparent, but it can probably
> be narrowed down to ten or twenty words without much effort at all. In
> any case, exe files which have had this treatment will stick out like a
> sore thumb.
I was going to suggest, but Phil beet me to it, that we compress our executables
> Last, XOR'ing a PGP file with a repeated string is probably not a very
> good method. PGP has a header at the front whose structure is known and
> which has some fixed bytes. These can be used to immediately recover some
Well, we could do a lot of things here. We could have the option of xor'ing,
adding, or subtracting.... We could add random bytes to the cyphertext, at
offsets we specify and memorize.... I still think this could be done, and that
it would work. If anyone else shares my enthusiasm, I'll try to get it coded up
+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-) | I thought I was wrong once. | PGP KEY |
| [email protected] | But, I was mistaken. |available|
| [email protected] | | Ask Me! |
| (505) 299-2282 +-----------------------------+---------+
| |
+------"I'm just looking for the opportunity to be -------------+
| Politically Incorrect!" <Me> |
+-----If codes are outlawed, only criminals wil have codes.-----+
+----Is Big Brother in your phone? If you don't know, ask me---+